From 3e7bab705890c62f7c69f72f5d9342431d8cccf6 Mon Sep 17 00:00:00 2001
From: Helmut Hutzler <helmut.hutzler@th-nuernberg.de>
Date: Thu, 15 Sep 2022 15:50:11 +0000
Subject: [PATCH] Cleanup Runner deployment
---
 GITLAB_Runner/gitlab-runner-manifest.yaml | 1 +
 deployments/gitlab-runner-manifest.yaml | 318 ----------------------
 2 files changed, 1 insertion(+), 318 deletions(-)
 delete mode 100644 deployments/gitlab-runner-manifest.yaml
diff --git a/GITLAB_Runner/gitlab-runner-manifest.yaml b/GITLAB_Runner/gitlab-runner-manifest.yaml
index 0f4ce3e..d940345 100644
--- a/GITLAB_Runner/gitlab-runner-manifest.yaml
+++ b/GITLAB_Runner/gitlab-runner-manifest.yaml
@@ -5,6 +5,7 @@ kind: ServiceAccount
 metadata:
 annotations:
 name: gitlab-runner
+ namespace: "gitlab-runner-ns"
 labels:
 app: gitlab-runner
 chart: gitlab-runner-0.44.0
diff --git a/deployments/gitlab-runner-manifest.yaml b/deployments/gitlab-runner-manifest.yaml
deleted file mode 100644
index d940345..0000000
--- a/deployments/gitlab-runner-manifest.yaml
+++ /dev/null
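Review bot: The manifest this hunk keeps ends up as blob d940345, the same blob as the `deployments/` copy deleted further down, so everything visible in that deletion is still applied from `GITLAB_Runner/gitlab-runner-manifest.yaml`. That includes the Secret whose `runner-registration-token` is committed as base64, which is an encoding and not protection. Removing the duplicate does not take the value out of history, so the token should be reset on the GitLab side and the Secret document dropped from the manifest in favour of one created out of band. The retained file also still carries the Role with `resources: ["*"]` / `verbs: ["*"]` and `KUBERNETES_PRIVILEGED` set to `"true"`; both are worth narrowing to what the jobs actually need. The added `namespace` line itself is fine, though the bare `annotations:` above it parses as null and could be written `annotations: {}` or removed; the ServiceAccount document starts above the hunk.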
@@ -1,318 +0,0 @@ ---- -# Source: gitlab-runner/templates/service-account.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - name: gitlab-runner - namespace: "gitlab-runner-ns" - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" ---- -# Source: gitlab-runner/templates/secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "gitlab-runner" - namespace: "gitlab-runner-ns" - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" -type: Opaque -data: - runner-registration-token: "R1IxMzQ4OTQxLURaaGtBaWlGenE5SHBqVGpld1M=" - runner-token: "" ---- -# Source: gitlab-runner/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitlab-runner - namespace: "gitlab-runner-ns" - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" -data: - entrypoint: | - #!/bin/bash - set -e - - mkdir -p /home/gitlab-runner/.gitlab-runner/ - - cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/ - - # Set up environment variables for cache - if [[ -f /secrets/accesskey && -f /secrets/secretkey ]]; then - export CACHE_S3_ACCESS_KEY=$(cat /secrets/accesskey) - export CACHE_S3_SECRET_KEY=$(cat /secrets/secretkey) - fi - - if [[ -f /secrets/gcs-applicaton-credentials-file ]]; then - export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-applicaton-credentials-file" - elif [[ -f /secrets/gcs-application-credentials-file ]]; then - export GOOGLE_APPLICATION_CREDENTIALS="/secrets/gcs-application-credentials-file" - else - if [[ -f /secrets/gcs-access-id && -f /secrets/gcs-private-key ]]; then - export CACHE_GCS_ACCESS_ID=$(cat /secrets/gcs-access-id) - # echo -e used to make private key multiline (in google json auth key private key is oneline with \n) - export CACHE_GCS_PRIVATE_KEY=$(echo -e $(cat /secrets/gcs-private-key)) - fi - fi - - if [[ -f /secrets/azure-account-name && -f 
/secrets/azure-account-key ]]; then - export CACHE_AZURE_ACCOUNT_NAME=$(cat /secrets/azure-account-name) - export CACHE_AZURE_ACCOUNT_KEY=$(cat /secrets/azure-account-key) - fi - - if [[ -f /secrets/runner-registration-token ]]; then - export REGISTRATION_TOKEN=$(cat /secrets/runner-registration-token) - fi - - if [[ -f /secrets/runner-token ]]; then - export CI_SERVER_TOKEN=$(cat /secrets/runner-token) - fi - - # Validate this also at runtime in case the user has set a custom secret - if [[ ! -z "$CI_SERVER_TOKEN" && "1" -ne "1" ]]; then - echo "Using a runner token with more than 1 replica is not supported." - exit 1 - fi - - # Register the runner - if ! sh /configmaps/register-the-runner; then - exit 1 - fi - - # Run pre-entrypoint-script - if ! bash /configmaps/pre-entrypoint-script; then - exit 1 - fi - - # Start the runner - exec /entrypoint run --user=gitlab-runner \ - --working-directory=/home/gitlab-runner - - config.toml: | - concurrent = 10 - check_interval = 30 - log_level = "info" - - - config.template.toml: | - [[runners]] - [runners.kubernetes] - namespace = "gitlab-runner-ns" - image = "ubuntu:16.04" - - - register-the-runner: | - #!/bin/bash - MAX_REGISTER_ATTEMPTS=30 - - for i in $(seq 1 "${MAX_REGISTER_ATTEMPTS}"); do - echo "Registration attempt ${i} of ${MAX_REGISTER_ATTEMPTS}" - /entrypoint register \ - --template-config /configmaps/config.template.toml \ - --non-interactive - - retval=$? 
- - if [ ${retval} = 0 ]; then - break - elif [ ${i} = ${MAX_REGISTER_ATTEMPTS} ]; then - exit 1 - fi - - sleep 5 - done - - exit 0 - - check-live: | - #!/bin/bash - if /usr/bin/pgrep -f .*register-the-runner; then - exit 0 - elif /usr/bin/pgrep gitlab.*runner; then - exit 0 - else - exit 1 - fi - - pre-entrypoint-script: | ---- -# Source: gitlab-runner/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: "Role" -metadata: - name: gitlab-runner - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" - namespace: "gitlab-runner-ns" -rules: -- apiGroups: [""] - resources: ["*"] - verbs: ["*"] ---- -# Source: gitlab-runner/templates/role-binding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: "RoleBinding" -metadata: - name: gitlab-runner - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" - namespace: "gitlab-runner-ns" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: "Role" - name: gitlab-runner -subjects: -- kind: ServiceAccount - name: gitlab-runner - namespace: "gitlab-runner-ns" ---- -# Source: gitlab-runner/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitlab-runner - namespace: "gitlab-runner-ns" - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: gitlab-runner - template: - metadata: - labels: - app: gitlab-runner - chart: gitlab-runner-0.44.0 - release: "gitlab-runner" - heritage: "Helm" - annotations: - checksum/configmap: c89b730e58e54e184a7540b77741eb6828c22fd5e31e3da1aff90aceea1e6a61 - checksum/secrets: fb396a24f5907af003946c5a491c0357f46fc69b161025ece63760674c591922 - spec: - securityContext: - fsGroup: 65533 - runAsUser: 100 - terminationGracePeriodSeconds: 3600 - serviceAccountName: gitlab-runner - containers: - - name: gitlab-runner - image: 
registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v15.3.0 - imagePullPolicy: "IfNotPresent" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: false - runAsNonRoot: true - lifecycle: - preStop: - exec: - command: ["/entrypoint", "unregister", "--config=/home/gitlab-runner/.gitlab-runner/config.toml"] - lifecycle: - preStop: - exec: - command: ["/entrypoint", "unregister", "--all-runners"] - command: ["/usr/bin/dumb-init", "--", "/bin/bash", "/configmaps/entrypoint"] - env: - - - name: CI_SERVER_URL - value: "https://git.informatik.fh-nuernberg.de/" - - name: CLONE_URL - value: "" - - name: RUNNER_EXECUTOR - value: "kubernetes" - - name: REGISTER_LOCKED - value: "true" - - name: RUNNER_TAG_LIST - value: "" - - name: KUBERNETES_PRIVILEGED - value: "true" - - name: CACHE_TYPE - value: "s3" - - name: CACHE_PATH - value: "gitlab-runner" - - name: CACHE_SHARED - value: "true" - - name: CACHE_S3_SERVER_ADDRESS - value: "minio:9000" - - name: CACHE_S3_BUCKET_NAME - value: "gitlab-runner" - - name: CACHE_S3_BUCKET_LOCATION - value: "" - - name: CACHE_S3_INSECURE - value: "true" - livenessProbe: - exec: - command: ["/bin/bash", "/configmaps/check-live"] - initialDelaySeconds: 60 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - exec: - command: ["/usr/bin/pgrep","gitlab.*runner"] - initialDelaySeconds: 10 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - ports: - - name: "metrics" - containerPort: 9252 - volumeMounts: - - name: projected-secrets - mountPath: /secrets - - name: etc-gitlab-runner - mountPath: /home/gitlab-runner/.gitlab-runner - - name: configmaps - mountPath: /configmaps - resources: - {} - volumes: - - name: runner-secrets - emptyDir: - medium: "Memory" - - name: etc-gitlab-runner - emptyDir: - medium: "Memory" - - name: projected-secrets - projected: - sources: - # 
.Values.runners.cache.cacheType is deprecated: https://gitlab.com/gitlab-org/charts/gitlab-runner/-/issues/224 - - secret: - name: "gitlab-runner-s3-access-secret" - - secret: - name: "gitlab-runner" - items: - - key: runner-registration-token - path: runner-registration-token - - key: runner-token - path: runner-token - - name: configmaps - configMap: - name: gitlab-runner -- GitLab